#!/bin/bash

{% set cron_cmd = 'cron -f' if kolla_base_distro in ['ubuntu', 'debian'] else 'crond -s -n' %}

{% if 'external' in letsencrypt_managed_certs and kolla_external_fqdn != kolla_external_vip_address %}
# External Certificates
/usr/bin/letsencrypt-certificates \
  --external \
  --fqdns {% for fqdn in letsencrypt_external_fqdns %}{{ fqdn }}{% if not loop.last %},{% endif %}{% endfor %} \
  --days {{ letsencrypt_cert_valid_days }} \
  --port {{ letsencrypt_webserver_port }} \
  --mail {{ letsencrypt_email }} \
  --acme {{ letsencrypt_external_cert_server }} \
  --vips {% if not kolla_same_external_internal_vip %}{{ kolla_external_vip_address }},{% endif %}{{ kolla_internal_vip_address }} \
  --haproxies-ssh {% for host in groups['loadbalancer'] %}{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ haproxy_ssh_port }}{% if not loop.last %},{% endif %}{% endfor %} \
  {% if letsencrypt_external_account_binding | bool %}
    --eab \
    --hmac {{ letsencrypt_eab_hmac }} \
    --kid {{ letsencrypt_eab_key_id }} \
  {% endif %}
  {% if letsencrypt_key_type | length > 0 %}
    --key-type {{ letsencrypt_key_type }} \
  {% endif %} 2>&1 | tee -a /var/log/kolla/letsencrypt/letsencrypt-lego.log
{% endif %}

{% if 'internal' in letsencrypt_managed_certs and kolla_internal_fqdn != kolla_internal_vip_address %}
# Internal Certificates
/usr/bin/letsencrypt-certificates \
  --internal \
  --fqdns {% for fqdn in letsencrypt_internal_fqdns %}{{ fqdn }}{% if not loop.last %},{% endif %}{% endfor %} \
  --days {{ letsencrypt_cert_valid_days }} \
  --port {{ letsencrypt_webserver_port }} \
  --mail {{ letsencrypt_email }} \
  --acme {{ letsencrypt_internal_cert_server }} \
  --vips {% if not kolla_same_external_internal_vip %}{{ kolla_external_vip_address }},{% endif %}{{ kolla_internal_vip_address }} \
  --haproxies-ssh {% for host in groups['loadbalancer'] %}{{ 'api' | kolla_address(host) | put_address_in_context('url') }}:{{ haproxy_ssh_port }}{% if not loop.last %},{% endif %}{% endfor %} \
  {% if letsencrypt_external_account_binding | bool %}
    --eab \
    --hmac {{ letsencrypt_eab_hmac }} \
    --kid {{ letsencrypt_eab_key_id }} \
  {% endif %}
  {% if letsencrypt_key_type | length > 0 %}
    --key-type {{ letsencrypt_key_type }} \
  {% endif %} 2>&1 | tee -a /var/log/kolla/letsencrypt/letsencrypt-lego.log
{% endif %}

{{ cron_cmd }}
